Privacy Policy

Tutor Registry is a UK-based tutoring marketplace that connects parents with university student tutors for personalised GCSE and A-Level tuition. We act as a data controller for the personal data we hold about you. If you have any questions about this policy or your data, contact us at [email protected].

We collect the following categories of personal data:

• Account information: name, email address, password (stored hashed), and optionally a phone number.
• Parent profile: billing address and address for correspondence.
• Children's details: first name, school year, level, exam board, and subject requirements. We collect only what is needed to match each child to a suitable tutor.
• Tutor profile (if you register as a tutor): display name, biography, university, course, hourly rate, qualifications, profile media, and verification documents (e.g. student ID).
• Payment information: processed securely by Stripe. We do not see or store your card details — we only store a Stripe payment-method reference.
• Booking and session history: dates, durations, prices, and status of bookings made through the platform.
• Usage data: log data about your visits (IP address, device type, pages viewed), used to keep the service secure and operational.

We use your data to:

• provide, maintain, and improve the tutoring marketplace service;
• process bookings and payments, and issue refunds where applicable;
• send booking confirmations, cancellations, and 24-hour reminders;
• verify tutor identities and qualifications before approval;
• respond to your enquiries and support requests;
• detect and prevent fraud, abuse, and security incidents;
• comply with our legal and regulatory obligations.

We rely on the following legal bases under UK GDPR:

• Contract performance — to provide the marketplace service you have signed up for and to process your bookings.
• Legitimate interests — to operate, secure, and improve the service, to verify tutors, and to prevent fraud.
• Consent — for any optional marketing communications. You can withdraw consent at any time in your account settings.
• Legal obligation — to retain records for tax, accounting, and safeguarding purposes.

We share your data only with the trusted service providers needed to run the platform, and only to the extent necessary:

• Stripe — payment processing and refunds.
• Brevo — transactional email delivery (booking confirmations, reminders, account notices).
• Twilio — SMS delivery for booking reminders, where you have opted in.
• Supabase — secure cloud hosting for our application database, authentication, and file storage.

We never sell your data to third parties. We may disclose data where legally required (for example, in response to a valid court order) or to protect the safety of our users.

• Active account data is retained for as long as your account is active.
• Booking, payment, and invoice records are retained for seven (7) years to meet UK tax and accounting obligations.
• Deleted account data is anonymised immediately on deletion — your name, email, and identifying details are removed and replaced with a pseudonymous reference, while booking history is retained for the period above without being linked to a personal identity.
• Server logs are retained for up to 90 days for security and operational purposes.

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Erasure(the “right to be forgotten”) — you can delete your account from your account settings at any time.
• Restrict our processing of your data.
• Data portability — download a machine-readable copy of your data, available from your account settings.
• Object to processing based on legitimate interests.
• Withdraw consent for any consent-based processing at any time.

You can exercise most of your rights yourself in your account settings at tutorregistry.co.uk/account — including downloading your data and deleting your account. For any other request, email [email protected] and we will respond within one calendar month. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).

We use a small number of essential cookies to keep you signed in and to protect against cross-site request forgery. We do not use advertising or third-party tracking cookies, and we do not run analytics that identify individuals.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and update the “last updated” date at the top of this page.

For any privacy-related question or request, contact our data protection team at [email protected].